(resending with nanog-approved address..)

On 18. jan. 2013 01:30, Jeff Kell wrote:
> On 1/17/2013 6:50 PM, Owen DeLong wrote:
>> Vonage will, in most cases, fail through CGN as will Skype, Xbox-360, and many of the other IM clients.
>
> Not sure about Vonage, but Skype, Xbox, and just about everything else imaginable (other than hosting a server) works just fine over NAT with default-deny inbound here, and we have several thousand students in the dorms that bang the heck out of those services. Most applications have adapted to the SOHO NATing router that is prevalent today on broadband internet. And if it didn't work, believe me, I'd hear about it :)
Your users must have fairly low expectations :-)

That snide comment aside, a single level of NAT44 works OK now for most current consumer-level applications. But this is about multiple levels of NAT, where the usual "hacks" with UPnP IGD/NAT-PMP to get inbound ports are not likely to work.

Even if you don't support these tricks on your end today, it's likely that they are supported at the other side. Most "p2p" traffic like Skype only needs the mapping to work at one end, as they have to signal/negotiate addresses and port numbers through some third party anyway. So currently, even with double NAT at one end, it is likely to work out (within the current expectations of users.)

When CGN gets to critical mass, where both ends of a connection are likely to be even more crippled than today*, things change. Now you have to bounce all the data off some third party, like a DC, maybe not even on the same continent. When Skype fails to map ports at both ends today the experience is pretty horrible actually, at least over here, even with the backing of Microsoft's infrastructure. Also makes me wonder how expensive running such services will become (Only feasible for Google and Microsoft?)

* Some support for mapping ports at CGN is in development, but requires new or updated CPE/home gateways, software support/awareness and support for it in the CGN (riiight.)